feat(acp): permission persistence and MCP transport parity #819

Merged: bug-ops merged 4 commits into main from epic/acp-permission-mcp-parity on Feb 24, 2026

@bug-ops bug-ops commented Feb 24, 2026

Summary

Implements Epic #786 — Permission Persistence and MCP Transport Parity.

  • Permission persistence: AllowAlways/RejectAlways decisions saved to ~/.config/zeph/acp-permissions.toml and restored on startup, eliminating redundant IDE permission prompts across restarts
  • MCP HTTP parity: Already implemented in codebase (McpTransport::Http, StreamableHttpClientTransport) — no changes needed

Permission persistence details

  • Atomic write via temp file + rename with 0o600 permissions (Unix)
  • PID-unique temp filename prevents multi-instance collisions
  • NUL byte separator for session/tool cache keys (supports tool names with colons)
  • 1 MiB file size guard before TOML parsing
  • Graceful fallback on missing or corrupt files
  • Configurable path via acp.permission_file or ZEPH_ACP_PERMISSION_FILE env var

Files changed

  • crates/zeph-acp/src/permission.rs — load/save logic, atomic write, security hardening
  • crates/zeph-acp/src/agent.rs — thread permission_file through agent
  • crates/zeph-acp/src/transport.rs — permission_file in AcpServerConfig
  • crates/zeph-core/src/config/types.rs — permission_file field in AcpConfig
  • crates/zeph-core/src/config/env.rs — ZEPH_ACP_PERMISSION_FILE env override
  • src/main.rs — wire permission_file through AgentDeps

Test plan

  • Unit tests: persist round-trip, missing file fallback, pre-populated gate
  • Integration tests: compile and pass with new AcpServerConfig field
  • All 2581 workspace tests pass
  • Security review: 0o600 permissions, PID-unique tmp, size guard, NUL separator

Closes #786
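
The persistence hardening listed in the description, as an added std-only Rust example that is not the code from crates/zeph-acp/src/permission.rs. The names `cache_key`, `save_atomic`, `load_guarded` and `MAX_BYTES` are hypothetical, TOML parsing is left out, and the `create_new` and fsync steps are assumptions beyond what the description states.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read, Write};
use std::path::Path;

const MAX_BYTES: u64 = 1024 * 1024; // 1 MiB guard applied before parsing

/// Session and tool joined by NUL, so tool names containing ':' stay unambiguous.
fn cache_key(session: &str, tool: &str) -> String {
    format!("{session}\0{tool}")
}

/// Atomic save: owner-only temp file next to `path`, fsync, then rename over it.
fn save_atomic(path: &Path, data: &[u8]) -> io::Result<()> {
    let mut tmp = path.as_os_str().to_owned();
    tmp.push(format!(".{}.tmp", std::process::id())); // PID-unique per instance
    let _ = fs::remove_file(&tmp); // clear a stale temp left by a crashed run
    let mut opts = OpenOptions::new();
    opts.write(true).create_new(true); // never follow or reuse an existing entry
    #[cfg(unix)]
    {
        use std::os::unix::fs::OpenOptionsExt;
        opts.mode(0o600); // private from creation, no chmod window
    }
    let result = (|| -> io::Result<()> {
        let mut f = opts.open(&tmp)?;
        f.write_all(data)?;
        f.sync_all()?;
        fs::rename(&tmp, path) // readers see the old file or the new one, never a partial
    })();
    if result.is_err() {
        let _ = fs::remove_file(&tmp);
    }
    result
}

/// None for a missing, oversized or non-UTF-8 file; the caller starts with an empty cache.
fn load_guarded(path: &Path) -> Option<String> {
    let mut buf = String::new();
    // Cap the read itself, so the limit holds even if the file grows after open.
    File::open(path).ok()?.take(MAX_BYTES + 1).read_to_string(&mut buf).ok()?;
    (buf.len() as u64 <= MAX_BYTES).then_some(buf)
}

fn main() -> io::Result<()> {
    let path = std::env::temp_dir().join("acp-permissions-example.toml"); // constructed path
    save_atomic(&path, b"# constructed sample content\n")?;
    println!("{:?} key={:?}", load_guarded(&path), cache_key("s1", "fs:read"));
    fs::remove_file(&path)
}
```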

AllowAlways/RejectAlways decisions are now saved to
~/.config/zeph/acp-permissions.toml (configurable via
acp.permission_file or ZEPH_ACP_PERMISSION_FILE env var) and
restored on startup, eliminating redundant IDE permission prompts.

- Atomic write via temp file + rename with 0o600 permissions on Unix
- PID-unique temp filename to prevent multi-instance collisions
- NUL separator for session/tool cache keys (supports tool names with colons)
- 1 MiB file size guard before TOML parsing
- Graceful fallback on missing or corrupt files

@bug-ops added this to the ACP Phase 2 milestone Feb 24, 2026
@github-actions bot added the enhancement, size/L, rust, core and dependencies labels and removed the enhancement and size/L labels Feb 24, 2026
@github-actions bot added the documentation, enhancement and size/L labels Feb 24, 2026

- corrupt TOML graceful fallback
- empty file returns empty cache
- oversized file (>1 MiB) returns empty cache
- unknown decision string skipped with valid entries preserved
@bug-ops bug-ops merged commit f6cc348 into main Feb 24, 2026
23 checks passed
@bug-ops bug-ops deleted the epic/acp-permission-mcp-parity branch February 24, 2026 18:05
Labels

core, dependencies, documentation, enhancement, rust, size/L

Development

Successfully merging this pull request may close these issues.

Epic: Permission Persistence and MCP Transport Parity

1 participant